From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Autocrypt is a standardized guideline for e-mail clients, enabling end-to-end encryption in a user-friendly way. Version 1.0 of the Autocrypt specification was released in December 2017. It builds on and is compatible to OpenPGP, and primarily automates the exchange of cryptographic keys between users.


Autocrypt-capable e-mail clients transparently negotiate encryption capabilities and preferences and exchange keys between users alongside sending regular e-mails. This is done by including the key material and encryption preferences in the header of each e-mail, which allows encrypting any message to a contact who has previously sent the user e-mail. Publishing keys onto the public key servers is not necessary, and no support is required from e-mail providers.

When a message is encrypted to a group of receivers, keys are also automatically sent to all receivers in this group. This ensures that a reply to a message can be encrypted without any further complications or work by the user.

Security Model[edit]

Autocrypt is guided by the idea of opportunistic security from RFC 7435 but implementing something much less secure than a trust on first use (TOFU) model. Encryption of messages between Autocrypt-capable clients can be enabled without further need of user interaction. Traditional OpenPGP applications should display a noticable warning if keys are not verified either manually or by a web of trust method before use. In contrast, Autocrypt completely resigns on any kind of key verification. Key exchange is during the initial handshake and valid or invalid keys of peers may be replaced anytime later without any user interaction or verification. This makes it very easy to exchange new key(s) if a user loses access to the key but also makes the protocol much more susceptible to man-in-the-middle attacks than clean TOFU. The underlying OpenPGP implementation makes it often possible for the user to perform manual out of band key verification, however by design users are never alerted if Autocrypt changed the keys of peers.

Autocrypt tries to maximize the possible opportunities for encryption, but is not aggressive about encrypting messages at all possible opportunities. Instead, encryption is only enabled by default if all communicating parties consent, allowing users to make themselves available for encrypted communication without getting in the way of their established workflows.[1]

Man-in-the-middle attacks are not preventable in this security model. This type of attack can be detected (but not prevented) by the user with a manual out of band verification of the peer's cryptographic identity, for example by comparison of cryptographic "fingerprints". A verification mechanism is not part of version 1.0 of Autocrypt, but is planned for future.[2] While Autocrypt currently lacks this specification, most underlying OpenPGP implementations (like GnuPG) already support some type of manual verification that implementers can experiment with.

Technical Details[edit]

Autocrypt uses the established OpenPGP specification as its underlying data format. Messages are encrypted using AES and RSA keys, with a recommended RSA key length of 3072 bits. These mechanisms are chosen for maximum compatibility with existing OpenPGP implementations. There are plans for moving to smaller Elliptic-curve keys when support is more widely available.[3]


Autocrypt is supported in the Thunderbird extension Enigmail since version 2.0,[4] the Delta Chat messenger from Version 0.9.2[5] as well as the Android mail-app K-9 Mail since Version 5.400.[6]

The German e-mail provider Posteo also supports Autocrypt, by additionally cryptographically signing outbound Autocrypt metadata via DKIM.[7]

Further reading[edit]

  • Autocrypt - in: Bertram, Linda A. / Dooble, Gunther van / et al. (Eds.): Nomenclatura: Encyclopedia of modern Cryptography and Internet Security - From AutoCrypt and Exponential Encryption to Zero-Knowledge-Proof Keys, 2019, ISBN 9783746066684.
  • OpenPGP

External links[edit]